<?php
/*********************************************************
This file accepts data from 1R_Customer-Buy and inserts
into the customer db tables
*********************************************************/

/*********************************************************
includes	
*********************************************************/
require_once 'config.inc';
require_once '_common.inc';
require_once '_customer.inc';
require_once '_db.inc';
require_once '_rsa.inc';
require_once '_ui.inc';

/*********************************************************
set the correct time zone to eliminate warnings in debug
*********************************************************/
/*
 
date_default_timezone_set('America/New_York');

$script_tz = date_default_timezone_get();

if (strcmp($script_tz, ini_get('date.timezone'))){
    echo 'Script timezone differs from ini-set timezone.';
} 
 */
/*********************************************************
get and set the variables from 1R_Customer-Buy
*********************************************************/
$idstring = $_POST["idstring"];

if(is_int((int)$_POST["amount"]) &&  $_POST["amount"]> 0)
	$amount = (int)$_POST["amount"];
else
	$amount = 1;

if(is_int((int)$_POST["number"]) &&  $_POST["number"]> 0)
	$number = (int)$_POST["number"];
else
	$number = 1;

if(isset($_POST["cheat"]) && $_POST["cheat"] == 1) {
	$cheat = 1;
	$cheatmo = rand(1, $number); //sets the random cheated mo
	}
else {
	$cheat = 0;
	$cheatmo = 0;
	}	

/*********************************************************
connect to db
*********************************************************/
$customer_conn = db_connect(CUSTOMER_DB_USER, CUSTOMER_DB_PASSWORD);

/*********************************************************
insert into table mo
*********************************************************/
$sql = "insert into mo (batch, n, val, c_cheat)
values (moseq.nextval, $number, $amount, $cheatmo)";

$stmt = oci_parse($customer_conn, $sql);

oci_execute($stmt);

/*********************************************************
insert into tables...
mo_idstrings_customer
AND
mo_idstrings_committed
AND
mo_detail_customer
*********************************************************/
$return_statment = "Successfully created " . $number .
" money orders with value = " . $amount . ".";

for ($counter = 1; $counter <= $number; $counter ++) {
	if ($counter == $cheatmo) {
		$newamount = (($amount * 10) + 1);
		$temp_num = $number - 1;
		$return_statment = "Successfully created " . $temp_num .
			" money orders with value = " . $amount . 
			", and 1 money order with value = " . $newamount . ".";
	}
	else {
		$newamount = $amount;
	}
	
	$ustring = generate_us();
	
		$temp1 = secret_split_array($idstring, $number);
		$temp2 = commit_id_strings($temp1);
		
		//insert to money detail
		
		//generate MO string
		$mo['uniquestring'] = $ustring;
		$mo['amount'] = $newamount;
		$mo['id_hash'] = $temp2;
	
		//seed and get the random r
		$r = generate_r(MODULUS);
		// nb testing
		// Blinded MOs, sent to bank.
		$mo_string = mo_obj_to_string($mo);
		
		
		//echo "Money order string: " . $mo_string . "\n\n";
		
		$h = md5($mo_string);
		
		//echo "MD5 hash of Money order string:  " . $h . "<BR><BR>";
		
		$blind = blind($h, PUBLIC_EXP, MODULUS, $r);
		
		// next... insert to mo_detail_customer
		$sql = "insert into mo_detail_customer 	
		(uniqueness_string, batch, version, val, r, mo_n, blinded_mo, bank_sig, spent)
		values ('" . $ustring . "', moseq.currval, 1, " . $newamount . 
		", '" . $r . "', " . $counter . ", '" . $blind . 
		"', null, 0)";
		
		//echo $sql;
	
		$stmt = oci_parse($customer_conn, $sql);
	
		oci_execute($stmt);
		
	// 1st insert into mo_idstrings_customer
	//		and mo_idstrings_committed
	for ($counter_n = 1; $counter_n <= $number; $counter_n += 1) {
		
		$x = $counter_n -1;
		
		$ltemp1 = $temp1[$x][0];
		$rtemp1 = $temp1[$x][1];
		
		$ltemp2 = $temp2[$x][0];
		$rtemp2 = $temp2[$x][1];
		
		// insert customer id strings
		$sql = "insert into mo_idstrings_customer
		(uniqueness_string, idstring_n, l_id_string, r_id_string)
		values ('" . $ustring . "', " . $counter_n . ", '" . 
		$ltemp1 . "' ,'" . $rtemp1 . "')";

		$stmt = oci_parse($customer_conn, $sql);
	
		oci_execute($stmt);

		// insert committed id strings
		$sql = "insert into mo_idstrings_committed
		(uniqueness_string, idstring_n, l_id_string, r_id_string)
		values ('" . $ustring . "', " . $counter_n . ", '" . 
		$ltemp2 . "' ,'" . $rtemp2 . "')";

		$stmt = oci_parse($customer_conn, $sql);
	
		oci_execute($stmt);
		
			
	}


}

/*********************************************************
close db connection
*********************************************************/
oci_close($customer_conn);


?>

<HTML>

<HEAD>
	<title>Money Orders Created</title>
</HEAD>

<?php
ui_print_header('Customer - Money Orders Created');
echo $return_statment;
?>
<BODY>
<BR>
<BR>
<form action="./2.php">
<input type="submit" value="Go to the Bank">
</form>
<br>
</BODY>

<?php
ui_print_footer(date('Y-m-d H:i:s'));
?>

